WO2021016278A1 - Systems and methods of delegation or replication on a private network (original title: Systèmes et procédés de délégation ou de réplication sur un réseau privé) - Google Patents

Info

Publication number: WO2021016278A1
Authority: WO (WIPO, PCT)
Prior art keywords: subscriber, profile, private network, conversation, replicator
Application number: PCT/US2020/042937
Other languages: English (en)
Inventor: Billy Gayle Moon
Original Assignee: Whitestar Communications Inc.
Application filed by Whitestar Communications Inc.
Publication of WO2021016278A1

Classifications

    • H (Electricity) > H04 (Electric communication technique) > H04L (Transmission of digital information, e.g. telegraphic communication)
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L63/102 Entity profiles
    • H04L63/104 Grouping of entities

Definitions

  • The present invention is in the technical field of delegation or replication services within secure and encrypted private networks. More particularly, the present invention is in the technical field of establishing trusted service providers who operate with trusted subscribers to a service.
  • The present invention is also in the technical field of vetting subscribers, so that even the list of followers is controlled.
  • Social media typically facilitates user-generated content including text, comments, photos, videos and voice.
  • These various media are generated through "online" interactions and are facilitated by one or more third-party platforms such as Twitter, Facebook, YouTube and SnapChat.
  • The service providers have recently gone into censorship or "de-platforming" of content based on their own or their advertisers' best interests and not necessarily the interests of their users or user communities.
  • In some cases the censorship is at the direction of a central government, but in most cases it is carried out based on arbitrary decisions of the social media service providers.
  • One-way (server-only) authentication, as in a typical TLS connection, only assures the user that when they connect to a site that "claims to be", say, Instagram, it is in fact Instagram. The converse is not true.
  • The cryptographic system does not authenticate the client software used by the user and therefore must trust higher-level protocols to assure that a user who claims to be user A is in fact user A, for example through passwords or other means.
  • CDNs (Content Distribution Networks) are a layer in the internet ecosystem.
  • Content owners such as media companies and e-commerce vendors pay CDN operators to deliver their content to their end users.
  • In turn, a CDN pays ISPs, carriers, and network operators for hosting its servers in their data centers.
  • CDN is an umbrella term spanning different types of content delivery services: video streaming, software downloads, web and mobile content acceleration, licensed/managed CDN, transparent caching, and services to measure CDN performance, load balancing, multi-CDN switching and analytics and cloud intelligence.
  • CDNs share the "same" core content with all users that consume it. Ads and other localized information may be injected or added, but the core information delivered to each user is the same.
  • CDNs allow any user to consume the information they are caching: content once shared to a CDN is replicated and delivered to any subscriber (client) that wishes to read it.
  • There are also peer-to-peer (P2P) CDNs, in which clients provide resources as well as use them.
  • Such content-centric networks can actually perform better as more users begin to access the content (especially with protocols such as BitTorrent that require users to share).
  • This property is one of the major advantages of using P2P networks because it makes the setup and running costs very small for the original content distributor.
  • The present invention is systems and methods of delegation or replication on a private network, comprising: establishing a secure and encrypted private network with one or more profile computing devices; establishing a trust relationship on a whitelist for a first profile computing device; identifying categories of services provided to the first profile, including one or more of the following: receiving and executing commands from the first profile; vetting a subscriber before inclusion in a service; receiving from a subscriber; distributing content to one or more subscribers in a group; revoking a subscriber from a group; or reporting task status; receiving a selection of one or more of the services from the first profile; and executing one or more of the selected services on behalf of the first profile.
  • The systems and methods of delegation or replication on a private network, wherein the vetting of a subscriber further comprises one or more of the following: checking a blacklist on behalf of the first profile; checking the reputation of the subscriber; or checking the subscriptions of the subscriber.
  • The systems and methods of delegation or replication on a private network, further comprising: automatically accepting or rejecting a subscriber on behalf of the first profile based on a threshold; or indicating the acceptance or rejection criterion to the first profile for decision making.
  • Reporting task status further comprises: customizing reports based on the notification level setting from the first profile.
  • Revoking a subscriber further comprises: monitoring subscriber behavior; automatically revoking a subscriber based on threshold parameters indicating violation of the rules of the private network; or recommending revocation of a subscriber to the first profile for decision making.
  • Receiving from a subscriber further comprises: creating a subordinate conversation object associated with a conversation object only if the subscriber is not on the blacklist of the first profile.
  • The systems and methods of delegation or replication on a private network, further comprising: executing a delete command from the first profile by deleting a conversation object, any associated subordinate conversation objects and the associated secure objects on all profile computing devices on the private network other than the first profile computing device.
  • The systems and methods of delegation or replication on a private network, further comprising: preventing deletion of content by non-source profiles in the private network.
  • FIG. 1 shows a diagram illustrating an example of systems and methods of delegation or replication on a private network with different types and categories of computing devices, including internet of things devices.
  • FIG. 2 shows an exploded view of a computing device interacting with a private network, according to one embodiment.
  • FIG. 3 is a staged view of actions, according to one embodiment.
  • FIG. 4 is a staged view of actions, according to one embodiment.
  • FIG. 5 is an exploded view of a publisher computing device, according to one embodiment.
  • FIG. 6 shows a flowchart illustrating an example of a method of delegation or replication on a private network.
  • FIG. 7 is a schematic diagram of exemplary computing devices that can be used to implement the methods and systems disclosed herein, according to one embodiment.
  • The systems and methods of delegation or replication on a private network include techniques to incorporate trusted subscribers that are vetted, and trusted service providers that can accept delegation requests, within a secure private network. This allows the private network to dynamically leverage resources while retaining control and flexibility in its use. While a service provider may be a third party, it is not a central service in the traditional sense: the service provider has to comply with the rules and restrictions of the private network.
  • The systems and methods of delegation or replication on a private network provide for a completely distributed social media platform that allows both humans and machines to freely associate with one another through a special salutation protocol.
  • In this platform there are no central services. There is no cost to stand up the platform, and there are no additional costs as each new user joins the social network.
  • Instead of a central service storing user content and facilitating content distribution and user discovery, all these facilities are provided in a peer-to-peer social network owned and operated by the users themselves.
  • No central authority can prevent the users from freely associating with one another, nor can a third party exclude a given user from participation in social media with this system.
  • This invention discloses a novel mechanism that is used to aid in scaling any given user's social network size (the number of peers that a given user can distribute information to).
  • The replicator can either be a service provided by a service provider (third party) or dedicated hardware operated and owned by the publisher. Regardless of who operates the replicator, its operations are the same; only the ownership varies.
  • Creating a replicator instance involves the following steps. Note that the replicator itself can be multi-tenant and host more than one instance.
  • The replicator can be scaled using standard web-scale techniques.
  • A new instance is created for the replicator.
  • The replicator notes the endpointID of the publisher.
  • The replicator creates a new "Alias" and an associated public/private key pair, which it then stores within its keystore for later usage. From this point forward, the alias is used to identify the instance of the replicator that has just been created.
  • The replicator then forms a Signet which contains the alias, the public key and the network address of the replicator.
  • The network address may be the address of a load balancer or similar load-distributing technology and not the actual device on which the replicator is running.
  • The Signet is then sent to the publisher using any of the means described in the salutation protocol, disclosed in another patent. The publisher then completes the salutation with the replicator using the Signet and enclosing its endpoint object (again using the salutation protocol).
  • The replicator uses the alias contained within the salutationPacket to associate the publisher with the instance created for the publisher. It then extracts the payload and adds the publisher's endpoint object to the known endpoints of the instance. The replicator identifies the
  • The publisher creates a conversation object C1, where the publisher is the owner and no subscribers or messages yet exist.
  • The publisher then sends an addConversation message to the replicator which contains the conversation object C1.
  • The replicator associates the alias of the message it receives with the instance of the replicator associated with the publisher and extracts the conversation object C1.
  • The replicator then adds a master conversation object C1 to its collection of conversations. Note that replicators deal in master and subordinate conversation objects, which are detailed below.
  • Adding subscribers involves the following. Subscribers are added to conversations by the publisher or some other process owned and operated by the publisher. Any means could be used to select and qualify subscribers, including pre-determined lists, subscription services, etc.
  • The publisher sends the Signet of the replicator instance created earlier to each new subscriber.
  • The subscriber uses the Signet to send a requestRelationship packet to the replicator instance.
  • The subscriber includes its endpoint object.
  • The replicator checks the blacklist and, if the subscriber is not on the blacklist, sends an approvalRequest message containing the subscriber's endpoint object to the publisher associated with the replicator instance.
  • The publisher, having received the approvalRequest, validates whether or not the subscriber can join the publication using any number of means, including checking reputations, paid subscriptions, etc. Should the publisher reject the subscriber, the publisher may send a reject message to the replicator and the replicator may add the subscriber to the blacklist.
  • Otherwise the publisher sends an approval message containing the subscriber's endpoint object back to the replicator. Additionally, the publisher saves the endpoint object in its collection of endpoints. Upon approval, the replicator instance adds the endpoint object to the collection of endpoint objects associated with the instance.
  • The replicator then completes the salutation process with the subscriber by sending an acceptRelationship object back to the subscriber containing the replicator's endpoint object and the alias associated with the replicator instance.
  • The subscriber then adds the replicator's endpoint object to its collection of endpoints.
  • Adding a subscriber to a conversation involves the following. Subscribers can be added to one or more conversations created by the publisher, whose master conversation objects reside on the instance of the replicator associated with the publisher.
  • The publisher sends an addSubscribers object to the replicator.
  • This object contains the conversation ID C1 along with a list of zero or more endpointIDs to be added to the conversation.
  • The publisher also adds each of the endpointIDs to its local copy of the conversation object C1.
  • The instance of the replicator associated with the publisher selects the conversation object C1 from its collection of master conversation objects.
  • For each endpointID, the replicator adds the endpointID to the master conversation's list of participants.
  • The replicator creates a subordinate conversation object C1.EndpointID and adds the replicatorID and the EndpointID as participants to the conversation.
  • The replicator sends a putConversation object containing the subordinate conversation C1.EndpointID to the subscriber.
  • Deleting a subscriber involves the following.
  • The publisher may delete or remove subscribers from any conversation for any reason, including lapse of subscription, violation of terms of service, etc.
  • The publisher sends a deleteSubscribers object to the replicator containing the conversation ID C1 along with a list of zero or more endpointIDs to be removed from the conversation.
  • For each endpointID in the list, the replicator does the following. The replicator removes the endpointID from the master conversation C1. The replicator then looks up the subordinate conversation C1.EndpointID associated with the subscriber and deletes the conversation. The replicator then sends a deleteConversation message referencing C1.EndpointID to the subscriber.
  • The subscriber then deletes the conversation C1.EndpointID along with all associated message objects.
  • Publishing a message involves the following.
  • The publisher may publish messages associated with any of the conversations it has created. Published messages are then forwarded to the replicator, where they are replicated and distributed to the subscribers of the conversation.
  • The publisher creates a message object M1 and associates it with conversation C1 by adding it to the list of messages contained within object C1. The publisher then sends an addMessage object to the replicator.
  • The addMessage object contains a reference to conversation C1 and the message object M1.
  • The replicator adds message M1 to the collection of messages associated with the replicator instance associated with the publisher.
  • The replicator adds the message reference to master conversation object C1.
  • For each subscriber, the replicator adds the message reference M1 to the subordinate conversation C1.EndpointID.
  • The replicator sends an addMessage object to the subscriber.
  • The addMessage object contains a reference to conversation C1.EndpointID and the message object M1.
  • The subscriber checks the owner of the message (in this case the publisher) to see if it is in its blacklist. Since the publisher is never blacklisted, the following steps happen.
  • The subscriber adds the message M1 to its collection of messages.
  • The subscriber adds the reference to message M1 to its conversation C1.EndpointID.
  • Replying to a message involves the following. Subscribers may reply to messages within the context of a conversation that they are participants in. Note that the system does not block or suppress an individual's right to participate in discourse. Subscribers may freely dissociate from a publisher and they may blacklist messages from any other subscriber. Publishers may cancel a subscriber's subscription but must accept messages from subscribers in good standing.
  • The subscriber creates a new message object M1 within the context of its conversation object C1.EndpointID and sends an addMessage object to the replicator.
  • The replicator then associates the subordinate conversation C1.EndpointID with the master conversation object C1.
  • The replicator adds the message object M1 to its collection of messages associated with the publisher's instance.
  • The replicator adds a message reference to master conversation object C1.
  • The replicator looks up the associated subordinate conversation C1.EndpointID.
  • The replicator adds the message reference to the subordinate conversation C1.EndpointID.
  • For each endpointID of C1 (which includes the publisher), the replicator sends an addMessage object to the associated endpoint object.
  • The addMessage object contains a reference to the conversation and the message object M1.
  • Deleting a reply involves the following. Subscribers always own their reply messages and may freely update or delete them at their discretion. When they are updated, they are simply re-sent with a revised "lastChanged" value. When they are deleted, the following steps take place.
  • The subscriber sends a deleteMessage object to the replicator. The object contains a reference to conversation C1.EndpointID and a reference to the message M1.
  • When the replicator receives the deleteMessage object, it extracts the subordinate and master conversation objects C1.EndpointID and C1. The replicator then deletes the message M1 from its collection of messages. The replicator then deletes the references to M1 from both conversation objects.
  • For each endpointID of C1 (which includes the publisher), the replicator sends a deleteMessage object containing a reference to C1.EndpointID and a reference to message M1.
  • Deleting a conversation involves the following. Conversations can be deleted by their owner, and in this case the owner of all the conversations is the publisher. When the publisher deletes a conversation, all messages associated with the conversation are removed from the publisher's device, the replicator and every subscriber's device, as are the master conversation C1 and all subordinate conversation objects C1.EndpointID. The means are identical to what has already been listed.
  • Replicator instances may be deleted by the publisher or by the replicator's operator (a third party). When a replicator instance is deleted, all objects associated with that instance, including any endpoint objects, conversation objects and messages belonging to the publisher or any of the subscribers, are deleted using the practices and methods already outlined above.
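The replicator steps above (instance creation with a Signet, subscriber salutation with the blacklist check and the publisher's approval, master and subordinate conversation objects, message fan-out, replies, and owner-only deletion) as one added Python illustration. It is not part of the patent and not Whitestar's code: key material is stood in for by opaque strings, the salutation packet and network transport are reduced to direct method calls, and the names Device, ReplicatorInstance, demo and the endpoint IDs pub, alice,. bob and eve are assumptions. Signet, requestRelationship, approvalRequest, acceptRelationship, addSubscribers, putConversation, addMessage and deleteMessage are the operations named in the text.

```python
# Replicator instance, publisher and subscriber exchange from the text above (added illustration, not the patent's code).
import secrets
from collections import namedtuple
from dataclasses import dataclass, field

Signet = namedtuple("Signet", "alias public_key address")   # key material is an opaque string in this sketch


@dataclass
class Conversation:             # master C1 has master == ""; subordinate C1.<eid> has master == "C1"
    cid: str
    master: str = ""
    participants: set = field(default_factory=set)
    messages: list = field(default_factory=list)


class Device:
    # Endpoint-side state of a publisher or subscriber: its own blacklist, conversations and messages.
    def __init__(self, endpoint_id):
        self.endpoint_id, self.blacklist = endpoint_id, set()
        self.conversations, self.messages = {}, {}      # cid -> [mid], mid -> (owner, body)

    def add_message(self, cid, mid, owner, body):
        if owner in self.blacklist:                     # receiver-side blacklist check
            return False
        self.messages[mid] = (owner, body)
        self.conversations.setdefault(cid, []).append(mid)
        return True

    def delete_message(self, mid):
        self.messages.pop(mid, None)
        for mids in self.conversations.values():
            mids[:] = [m for m in mids if m != mid]


class ReplicatorInstance:
    # One instance per publisher; a multi-tenant replicator would hold one of these per alias.
    def __init__(self, address, publisher):
        self.alias = "alias-" + secrets.token_hex(4)    # the alias's key pair would go into the keystore
        self.signet = Signet(self.alias, "pub:" + self.alias, address)   # address may be a load balancer
        self.publisher, self.devices = publisher.endpoint_id, {publisher.endpoint_id: publisher}
        self.endpoints, self.blacklist = {publisher.endpoint_id}, set()
        self.conversations, self.messages = {}, {}      # cid -> Conversation, mid -> (owner, body)

    def add_conversation(self, cid):
        self.conversations[cid] = Conversation(cid)

    def request_relationship(self, subscriber, approve):
        eid = subscriber.endpoint_id
        if eid in self.blacklist:                       # blacklist is checked before the publisher is asked
            return False
        if not approve(eid):                            # approvalRequest: the publisher decides
            self.blacklist.add(eid)                     # a rejected subscriber is blacklisted
            return False
        self.endpoints.add(eid)                         # acceptRelationship
        self.devices[eid] = subscriber
        return True

    def add_subscribers(self, cid, endpoint_ids):
        for eid in endpoint_ids:
            if eid not in self.endpoints:               # no completed salutation, no subscription
                continue
            self.conversations[cid].participants.add(eid)
            self.conversations[f"{cid}.{eid}"] = Conversation(f"{cid}.{eid}", cid, {self.alias, eid})
            self.devices[eid].conversations.setdefault(f"{cid}.{eid}", [])   # putConversation

    def add_message(self, cid, mid, owner, body):
        # Publish (cid = C1, owner = publisher) or reply (cid = C1.<eid>, owner = that subscriber).
        conv = self.conversations[cid]
        master = self.conversations[conv.master] if conv.master else conv
        self.messages[mid] = (owner, body)
        for c in ([master] if conv is master else [master, conv]):
            c.messages.append(mid)
        delivered = []
        for eid in sorted((master.participants | {self.publisher}) - {owner}):
            target = master.cid if eid == self.publisher else f"{master.cid}.{eid}"
            if eid != self.publisher:
                self.conversations[target].messages.append(mid)
            if self.devices[eid].add_message(target, mid, owner, body):
                delivered.append(eid)
        return delivered

    def delete_message(self, mid, requester):
        if self.messages.get(mid, (None,))[0] != requester:   # only the source profile may delete
            return False
        del self.messages[mid]
        for conv in self.conversations.values():
            conv.messages[:] = [m for m in conv.messages if m != mid]
        for eid in self.endpoints:                      # deleteMessage to every endpoint, publisher included
            self.devices[eid].delete_message(mid)
        return True


def demo():
    pub, alice, bob, eve = Device("pub"), Device("alice"), Device("bob"), Device("eve")
    rep = ReplicatorInstance("lb.replicator.example", pub)
    rep.add_conversation("C1")
    vet = lambda eid: eid != "eve"                      # publisher's decision on each approvalRequest
    joined = {d.endpoint_id: rep.request_relationship(d, vet) for d in (alice, bob, eve)}
    eve_retry = rep.request_relationship(eve, lambda eid: True)   # refused: eve is now blacklisted
    rep.add_subscribers("C1", ["alice", "bob", "eve"])
    alice.blacklist.add("bob")                          # alice drops bob's replies, never the publisher
    m1 = rep.add_message("C1", "M1", "pub", "hello subscribers")
    m2 = rep.add_message("C1.bob", "M2", "bob", "a reply")
    return {"joined": joined, "eve_retry": eve_retry, "m1": m1, "m2": m2,
            "pub_deletes_reply": rep.delete_message("M2", "pub"),
            "bob_deletes_reply": rep.delete_message("M2", "bob"),
            "pub_messages": sorted(pub.messages), "alice_messages": sorted(alice.messages)}
```

Two rules from the text are what the demo exercises: a rejected subscriber lands on the instance blacklist, so a second requestRelationship is refused before the publisher is asked again, and a deleteMessage from anyone but the message's owner is refused, which is the "non-source profiles cannot delete content" rule. The receiver-side blacklist is also visible: alice has blacklisted bob, so bob's reply is still recorded on the replicator's subordinate conversation C1.alice but is dropped at alice's device, while the publisher receives it.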
  • FIG. 1 depicts a diagram 100 illustrating an example of securely connecting computing devices through the private network 140, as well as storing information securely on the computing devices before or after each transmission. In the example of FIG. 1, the environment includes a first IoT device 110-1 through an nth client system 110-n, and private network 140.
  • The IoT device 110 includes components related to network connectivity.
  • In one implementation, the IoT device 110 includes speaker and/or microphone hardware and software components to enable receipt and execution of speech commands directly on the device. In another implementation, the IoT device 110 does not include a speaker and/or microphone capability, yet the IoT device is able to communicate with the private network system to enable receipt and execution of speech commands translated to device-specific SDK/API commands.
  • The data, information or content 190 is published by an alias on one of the computing devices on the private network that uses service delegation; it flows through replicator 192 to a subscriber list 194-1 to 194-n.
  • The role of the computing device manufacturers is separated from the use of the computing devices in hosting applications. After purchase, a user of the computing device has control over how to use, configure and communicate using that device. Use of any central services, including those from the device manufacturer, becomes optional.
  • The IoT devices integrate with the private network with zero additional programming. Different categories of smart watches
  • Intelligent voice assistants 150 can be from a variety of providers like Amazon Alexa and Google Home.
  • Smartphones 170 and servers 180 with more computing power, bandwidth and capabilities are also connected.
  • The smallest computing device, i.e. an IoT doorbell, and the largest computing device, a full-fledged server, are both treated as equals in the digital private network world.
  • An alias with a Signet on the first computing device has control and flexibility over its publications.
  • Publications could be triggered by a human or could be automated reporting or notification alerts by a machine.
  • Private network 140 can be built over different wireless and wired networks available to connect different computer devices, including client and server systems.
  • In one embodiment, private network 140 is reachable over the public internet through the secure messaging protocol described herein.
  • In another embodiment, private network 140 is inside a secure corporate wide area network.
  • Private network 140 allows connectivity of different systems and devices using a computer-readable medium.
  • API: application programming interface
  • XML: extensible markup language
  • JSON: JavaScript Object Notation
  • PHP: Personal Home Page
  • Implementation languages mentioned include Javascript, Python, Node.js, and object-oriented Java/C++.
  • Different components may also implement authentication and encryption to keep the data and the requests secure.
  • Authentication of a device may be accomplished using public/private keys, passwords, tokens, transactions, biometrics, multi-factor authentication or other methods known in the industry. Encryption may use the Data Encryption Standard (DES), Triple DES, RSA or the Advanced Encryption Standard (AES). Of these, DES and Triple DES are deprecated and should not be chosen for a new design; AES is the conventional symmetric choice.
  • FIG. 2 is an exploded view 200 of different versions of an implementation that allow application programming interface, hooks, or overlay network connections in a computing device that hosts different applications.
  • Alias-1 270 is associated with a computing device that may have one or more operating systems including Android 210, iOS 220 or an IoT operating system 230.
  • The computing device includes device hardware 250 that can be controlled by the private network API/hooks 240 that are incorporated at a system level on the computing device.
  • The private network overlay hooks are implemented using the Java Android SDK, Objective-C, or C++.
  • Any and all communications are controlled using the private network overlay architecture that encompasses the operating system, with the de-centralization module at 290 and the overlay network module at 292.
  • A user can customize the alias to go in and out of the private network overlay architecture mode.
  • The private network includes replicators 260 and subscribers 265; the replicators replicate the applications or services 295 and send them out to the subscribers, who are a subset of the trusted aliases.
  • The overlay network is based on a peer-to-peer network.
  • The private network is an overlay network built on the existing public network.
  • The computing device includes applications or services that can create content, publish content and reply to messages 295 in the private network. The list of replicators 260 depends on established trusted relationships.
  • Adding to the subscriber list 265 also depends on established trusted relationships.
  • Services that can be replicated include, for example, email, fax, storage, financial bookkeeping, HR services, publishing, document processing, tax services, etc.
  • The subscribers use one or more of the services that are provided by alias-1.
  • FIG. 3 outlines 300 showing actions related to replicator and subscriber services between an alias 1 at 310-1, who is a publisher, and its replicator at alias 350-1, whose output is sent out to subscribers at aliases 380-1 to 380-n.
  • One or more replicators may offer the same services for alias 310-1.
  • Replicator 350-1 initially establishes a trust relationship with alias 310-1 to provide services.
  • The replicator has to get on the whitelist 320.
  • Services could be one or more services provided in the digital domain.
  • In one embodiment, the underlying platform is a peer-to-peer network using a blockchain platform.
  • Alias-1 includes a whitelist, a replicator list and content 330 (publish sets) including one or more conversations 330-1 to 330-n, which in turn contain messages 330-1-1 to 330-n-n.
  • Alias-1 only has to send a single message, which is then replicated across multiple subscribers at the replicator. All the messages stay secure and encrypted, and all entities/devices involved continue to comply with the rules and restrictions of the private network.
  • Each message at the replicator is encrypted individually for each subscriber using that subscriber's public key. This ensures that only the intended subscriber, holding the matching private key, can decrypt its copy. Encrypting to the subscriber's key provides confidentiality of that copy; it does not by itself prove to the subscriber that the message originated with the publisher, which requires the publisher (or the replicator acting for it) to sign the message as well.
  • Per-subscriber encryption can become computationally intensive.
  • Known techniques of parallel processing and using multiple processors to accomplish intense cryptographic computations can be used, with additional resources for both hardware and software. Replicators can be high-end servers that can handle this load and have the bandwidth. Alias-1 can freely.
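How the per-subscriber encryption described above can be built, as an added Python example that is not the patent's or Whitestar's code. It assumes the `cryptography` package and an endpoint object carrying two raw public keys (an Ed25519 signing key and an X25519 key-agreement key); those key types, the HKDF info string, the Party, Endpoint, seal_for, try_open and fan_out_demo names and the sample message are all assumptions. The publisher signs M1 once; the replicator then seals that signed payload separately for each subscriber under a fresh ephemeral key, binding each copy to its subordinate conversation C1.EndpointID through the AES-GCM associated data.

```python
# Per-subscriber sealing of one replicated message (added illustration; assumes the `cryptography` package).
import os
from dataclasses import dataclass
from cryptography.exceptions import InvalidSignature, InvalidTag
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey, Ed25519PublicKey
from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey, X25519PublicKey
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

RAW, RAW_FMT = serialization.Encoding.Raw, serialization.PublicFormat.Raw


@dataclass(frozen=True)
class Endpoint:                # assumed shape of an endpoint object: id plus two raw public keys
    endpoint_id: str
    sign_pub: bytes            # Ed25519: verifies messages this endpoint authored
    kem_pub: bytes             # X25519: lets the replicator seal a copy to this endpoint


def _copy_key(shared: bytes, subordinate_cid: str) -> bytes:
    # Derive the AES-GCM key for one copy, bound to its subordinate conversation C1.<endpointID>.
    return HKDF(hashes.SHA256(), 32, None, b"replicator-seal|" + subordinate_cid.encode()).derive(shared)


class Party:
    # A publisher or subscriber holding its own private keys.
    def __init__(self, endpoint_id):
        self.endpoint_id = endpoint_id
        self._sign, self._kem = Ed25519PrivateKey.generate(), X25519PrivateKey.generate()

    def endpoint(self) -> Endpoint:
        return Endpoint(self.endpoint_id, self._sign.public_key().public_bytes(RAW, RAW_FMT),
                        self._kem.public_key().public_bytes(RAW, RAW_FMT))

    def sign_message(self, master_cid: str, body: bytes) -> bytes:
        # addMessage payload handed to the replicator: body || 64-byte signature over (C1 || body)
        return body + self._sign.sign(master_cid.encode() + body)

    def open(self, sealed: dict, publisher: Endpoint) -> bytes:
        # Recover this copy's key, check the AES-GCM tag, then check the publisher's signature.
        shared = self._kem.exchange(X25519PublicKey.from_public_bytes(sealed["eph_pub"]))
        key = _copy_key(shared, sealed["subordinate_cid"])
        signed = AESGCM(key).decrypt(sealed["nonce"], sealed["ct"], sealed["subordinate_cid"].encode())
        body, sig = signed[:-64], signed[-64:]
        Ed25519PublicKey.from_public_bytes(publisher.sign_pub).verify(sig, sealed["master_cid"].encode() + body)
        return body


def seal_for(subscriber: Endpoint, master_cid: str, signed: bytes) -> dict:
    # Replicator side: fresh ephemeral X25519 key, hence a fresh AES-GCM key, for this subscriber's copy only.
    subordinate_cid = f"{master_cid}.{subscriber.endpoint_id}"
    eph = X25519PrivateKey.generate()
    key = _copy_key(eph.exchange(X25519PublicKey.from_public_bytes(subscriber.kem_pub)), subordinate_cid)
    nonce = os.urandom(12)
    return {"master_cid": master_cid, "subordinate_cid": subordinate_cid, "nonce": nonce,
            "eph_pub": eph.public_key().public_bytes(RAW, RAW_FMT),
            "ct": AESGCM(key).encrypt(nonce, signed, subordinate_cid.encode())}


def try_open(party: Party, sealed: dict, publisher: Endpoint):
    try:
        return party.open(sealed, publisher)
    except (InvalidTag, InvalidSignature):
        return None                # wrong recipient, tampered copy, or not the publisher's signature


def fan_out_demo() -> dict:
    publisher, alice, bob, mallory = Party("pub"), Party("alice"), Party("bob"), Party("mallory")
    body = b"M1: hello subscribers"                                    # constructed sample message
    signed = publisher.sign_message("C1", body)                        # publisher -> replicator
    copies = {s.endpoint_id: seal_for(s.endpoint(), "C1", signed) for s in (alice, bob)}  # one copy each
    forged = seal_for(alice.endpoint(), "C1", mallory.sign_message("C1", b"M1: buy now"))  # wrong signer
    tampered = dict(copies["bob"], ct=bytes([copies["bob"]["ct"][0] ^ 1]) + copies["bob"]["ct"][1:])
    pub = publisher.endpoint()
    return {"alice_reads": try_open(alice, copies["alice"], pub),
            "bob_reads": try_open(bob, copies["bob"], pub),
            "bob_reads_alice_copy": try_open(bob, copies["alice"], pub),   # not the intended recipient
            "alice_reads_forged": try_open(alice, forged, pub),            # decrypts, fails signature
            "bob_reads_tampered": try_open(bob, tampered, pub)}            # fails the GCM tag
```

The demo returns what each subscriber recovers. A copy sealed for alice fails at bob with an authentication-tag error, a copy whose body was signed by someone other than the publisher fails the signature check even though it decrypts, and a copy with a flipped ciphertext bit fails the tag. The separate signature is the point made above: encryption to the subscriber's key keeps the copy private, but only the publisher's signature tells the subscriber who wrote it.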
  • The replicator maintains subscriber lists 370.
  • In one embodiment, the addition, revision and deletion of the subscriber list is handled at the replicator.
  • In another embodiment, the addition, revision and deletion of the subscriber list is handled at the alias-1 publisher and sent in an encrypted message for use at the replicator.
  • In yet another embodiment, both the alias-1 publisher and the replicator can perform addition, revision or deletion of the subscriber list and notify the other whenever there is an update.
  • The replicator also maintains the message replication 375 indexing and replication process.
  • In one embodiment, the replicator includes a status table recording which subscribers have received the updates and are behaving. In one embodiment, the replicator monitors subscriber behavior and gives periodic feedback to the publisher. In one embodiment, the replicator can recommend revocation of a subscriber who is not behaving according to the rules and restrictions of the private network. A replicator may also investigate and vet a subscriber based on publicly available information before adding the subscriber to the subscriber list for a service.
  • FIG. 4 with 400 shows actions between a publisher, a replicator and subscribers for the private network. Similar to what is shown in FIG. 3, publisher 410-1 has an established whitelist 420.
  • Message 440 is from alias 480-1, a new subscriber who wants to enroll in one of the services published by the publisher.
  • In one embodiment, the publisher notifies its replicator 450-1 using message 460 that a new subscriber is requesting addition to its subscriber list.
  • Replicator 450-1 then gives feedback that goes towards 478, vetting the subscriber's past behavior, current status and fitness to join the subscriber list.
  • In one embodiment, the decision to add the subscriber is automated at the replicator using artificial intelligence modules that are customized by the publisher.
  • In one embodiment, the decision to add the subscriber is made by the publisher.
  • In one embodiment, the decision to add the subscriber is made automatically at the publisher.
  • In one embodiment, user input is sought to make the final decision as to whether to add or reject the subscriber.
  • The decision is conveyed to the subscriber by the replicator using message 465. If the subscriber is added to the list, it starts receiving conversation and message updates 468 that also go to the other subscribers 480-2 to 480-n.
  • The replicator has the subscriber lists module 470 that is kept current; 475 is the message replication process and 478 is the subscriber vetting module.
  • In one embodiment, the subscriber vetting includes input based on customized user settings.
  • In one embodiment, the subscriber vetting includes artificial intelligence modules that learn different user settings.
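A minimal vetting and revocation policy of the kind the vetting module 478 and the threshold-based acceptance, rejection and revocation described above would implement, as an added Python example rather than the patent's own logic. The thresholds, the VettingPolicy, Candidate, vet and BehaviourMonitor names, the reputation scale of 0 to 1 and the sample candidates in the test are assumptions.

```python
# Vetting and revocation thresholds for a replicator's subscriber vetting module (added example, not the patent's logic).
from dataclasses import dataclass, field


@dataclass
class VettingPolicy:
    auto_accept_at: float = 0.8      # reputation at or above this: accept on the publisher's behalf
    auto_reject_below: float = 0.2   # reputation below this: reject (and blacklist)
    require_subscription: bool = True
    max_violations: int = 3          # behaviour monitoring: recommend revocation at this count


@dataclass
class Candidate:
    endpoint_id: str
    reputation: float                # assumed scale 0.0 .. 1.0 from whatever source the publisher trusts
    subscriptions: set = field(default_factory=set)


def vet(candidate, policy, blacklist, service):
    # Returns ("accept" | "reject" | "defer", reasons); "defer" hands the criteria to the publisher.
    if candidate.endpoint_id in blacklist:
        return "reject", ["blacklisted"]                         # the blacklist overrides every other signal
    reasons = []
    if policy.require_subscription and service not in candidate.subscriptions:
        reasons.append("no subscription for " + service)
    if candidate.reputation < policy.auto_reject_below:
        return "reject", reasons + ["reputation %.2f below %.2f" % (candidate.reputation, policy.auto_reject_below)]
    if not reasons and candidate.reputation >= policy.auto_accept_at:
        return "accept", ["reputation %.2f at or above %.2f" % (candidate.reputation, policy.auto_accept_at)]
    return "defer", reasons + ["reputation %.2f needs the publisher's decision" % candidate.reputation]


class BehaviourMonitor:
    # Counts rule violations per subscriber and recommends revocation once the threshold is crossed.
    def __init__(self, policy):
        self.policy, self.violations = policy, {}

    def record(self, endpoint_id, violated):
        self.violations[endpoint_id] = self.violations.get(endpoint_id, 0) + int(violated)
        return "revoke" if self.violations[endpoint_id] >= self.policy.max_violations else "keep"
```

The ordering matters: the blacklist is consulted before any score, so a blacklisted endpoint is rejected even with a perfect reputation, and a candidate that clears the reputation bar but lacks a subscription is deferred to the publisher together with the reason rather than silently accepted. Whether "reject" also adds the endpoint to the blacklist is left to the caller, matching the text's "may add the subscriber to the blacklist".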
  • FIG. 5 with 500 shows an exploded view of publisher computing device 505 and the modules incorporated in it.
  • A module is triggered for different services.
  • The Services module maintains a list of services that are provided by device 505. It allows customization, addition, revision and deletion of services on the system. In one embodiment, a service may be publicly available and is then also provided in a restricted manner for the private network.
  • Replicator list, selection and updates are dynamically performed by a module. The system monitors whether a replicator has been performing its functions with good quality.
  • A module is used to maintain subscriber list, selection and update. In one embodiment, this module may be delegated to the replicator, and the publisher gets notifications of the subscriber list. In one embodiment, the publisher does its own vetting of subscribers.
  • Different categories of services and corresponding replicators are associated. For example, depending on the type of service, the requirements for the replicator change with regard to network, bandwidth and computing power.
  • Services input or forwarding is handled by a module that keeps a list of active and well-performing replicators associated with different services. Services input includes requests to add new services, revise services or delete services. At 550, the module includes content update and forwarding. Any new creation of content includes content that needs to be published and associated messages.
  • FIG. 6 depicts a flowchart 600 illustrating an example of a method of replicator and subscriber on a private network. The flowchart 600 is discussed in conjunction with the
  • At block 605 begins with establishing a secure and encrypted private network with one or more profile computing devices.
  • the private network enforces delegation or replication services that are trusted, customized control at the data level that is Implemented network-wide and distribution is to a trusted subscribers list that can be customized dynamically.
  • the invention is systems and methods of delegation or replication on a private network allows scaling of data distribution on the private network to leverage network and computing powers at replicators for large scale subscribers while allowing the publisher to establish trust before delegation and vetting subscribers.
  • Figure 7 is a schematic diagram of computing device 700 that can be used to implement the methods and systems disclosed herein, according to one or more embodiments.
  • Figure 7 is a schematic of a computing device 700 that can be used to perform and/or implement any of the embodiments disclosed herein.
  • IoT device 110, SDK/API 120, Speak-to-IoT system 130, voice assistants 150, user end devices with mobile apps 170 or 180 of Figure 1 may be the computing device 700.
  • the computing device 700 may represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and/or other appropriate computers.
  • the computing device 700 may represent various forms of mobile devices, such as smartphones, camera phones, personal digital assistants, cellular telephones, and other similar mobile devices.
  • the components shown here, their connections, couples, and relationships, and their functions, are meant to be exemplary only, and are not meant to limit the embodiments described and/or claimed.
  • FIG. 7 shows an example of a computing device 700 on which techniques described here can be implemented.
  • the computing device 700 can be a conventional computer system that can be used as a client computer system, such as a wireless client or a workstation, or a server computer system.
  • the computing device 700 includes a computer 705, I/O devices 710, and a display device 715.
  • the computer 705 includes a processor 720, a communications interface 725, memory 730, display controller 735, non-volatile storage 740, and I/O controller 745.
  • the computer 705 may be coupled to or include the I/O devices 710 and display device 715.
  • the computer 705 interfaces to external systems through the communications interface 725, which may include a modem or network interface. It will be appreciated that the communications interface 725 can be considered to be part of the computing device 700 or a part of the computer 705.
  • the communications interface 725 can be an analog modem, integrated services for digital networks (“ISDN”) modem, cable modem, token ring interface, or satellite transmission interface (e.g. direct personal computer, also known as “direct PC”).
  • the processor 720 may be, for example, a conventional microprocessor such as an Intel
  • the memory 730 is coupled to the processor 720 by a bus 750.
  • the memory 730 can be Dynamic Random Access Memory (DRAM) and can also include Static RAM (SRAM).
  • the bus 750 couples the processor 720 to the memory 730, also to the non-volatile storage 740, to the display controller 735, and to the I/O controller 745.
  • the I/O devices 710 can include a keyboard, disk drives, printers, a scanner, and other input and output devices, including a mouse or other pointing device.
  • the display controller 735 may control in the conventional manner a display on the display device 715, which can be, for example, a cathode ray tube (CRT) or liquid crystal display (LCD).
  • the display controller 735 and the I/O controller 745 can be implemented with conventional well-known technology.
  • the non-volatile storage 740 is often a magnetic hard disk, an optical disk, or another form of storage for large amounts of data. Some of this data is often written, by a direct memory access process, into memory 730 during execution of software in the computer 705.
  • “machine-readable medium” or “computer-readable medium” includes any type of storage device that is accessible by the processor 720 and also encompasses a carrier wave that encodes a data signal.
  • the computing device 700 is one example of many possible computer systems that have different architectures.
  • personal computers based on an Intel microprocessor often have multiple buses, one of which can be an I/O bus for the peripherals and one that directly connects the processor 720 and the memory 730 (often referred to as a memory bus).
  • the buses are connected together through bridge components that perform any necessary translation due to differing bus protocols.
  • Network computers are another type of computer system that can be used in conjunction with the teachings described here.
  • Network computers do not usually include a hard disk or other mass storage, and the executable programs are loaded from a network connection into the memory.
  • a Web TV system, which is known in the art, is also considered to be a computer system, but it may lack some of the components shown in FIG. 7, such as certain input or output devices.
  • a typical computer system will usually include at least a processor, memory, and a bus coupling the memory to the processor.
  • FIG. 7 shows an example of the computing device 700; it is noted that the term “computer system” is intended to be construed broadly.
  • a computer system will include a processor, memory, non-volatile storage, and an interface.
  • a typical computer system will usually include at least a processor, memory, and a device (e.g., a bus) coupling the memory to the processor.
  • the processor can be, for example, a general-purpose central processing unit (CPU), such as a microprocessor, or a special-purpose processor, such as a microcontroller.
  • the memory can include, by way of example but not limitation, random access memory (RAM), such as dynamic RAM (DRAM) and static RAM (SRAM).
  • the memory can be local, remote, or distributed.
  • a “computer-readable storage medium” is intended to include only physical media, such as memory.
  • a “computer-readable medium” is intended to include all mediums that are statutory (e.g., in the United States, under 35 U.S.C. 101), and to specifically exclude all mediums that are non-statutory in nature to the extent that the exclusion is necessary for a claim that includes the computer-readable medium to be valid.
  • Known statutory computer-readable mediums include hardware (e.g., registers, random access memory (RAM), nonvolatile (NV) storage, to name a few), but may or may not be limited to hardware.
  • the bus can also couple the processor to the non-volatile storage.
  • the non-volatile storage is often a magnetic floppy or hard disk, a magnetic-optical disk, an optical disk, a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a magnetic or optical card, or another form of storage for large amounts of data.
  • Some of this data is often written, by a direct memory access process, into memory during execution of software on the computer system.
  • the non-volatile storage can be local, remote, or distributed.
  • the non-volatile storage is optional because systems can be created with all applicable data available in memory.
  • a software program is assumed to be stored at an applicable known or convenient location (from non-volatile storage to hardware registers) when the software program is referred to as “implemented in a computer-readable storage medium.”
  • a processor is considered to be "configured to execute a program” when at least one value associated with the program is stored in a register readable by the processor.
  • a computer system can be controlled by operating system software, which is a software program that includes a file management system, such as a disk operating system.
  • the file management system is typically stored in the non-volatile storage and causes the processor to execute the various acts required by the operating system to input and output data and to store data in the memory, including storing files on the non-volatile storage.
  • the bus can also couple the processor to the interface.
  • the interface can include one or more input and/or output (I/O) devices.
  • I/O devices can include, by way of example but not limitation, a keyboard, a mouse or other pointing device, disk drives, printers, a scanner, and other input and output devices, including a display device.
  • the display device can include, by way of example but not limitation, a cathode ray tube (CRT), liquid crystal display (LCD), or some other applicable known or convenient display device.
  • the interface can include one or more of a modem or network interface.
  • a modem or network interface can be considered to be part of the computer system.
  • the interface can include an analog modem, ISDN modem, cable modem, token ring interface, satellite transmission interface (e.g. “direct PC”), or other interfaces for coupling a computer system to other computer systems. Interfaces enable computer systems and other devices to be coupled together in a network.
  • a person of ordinary skill in the art would appreciate that delegation and replication on the private network for trusted subscribers allows for network wide control and flexibility by providing a protocol to establish trust both at service provider level as well as subscriber level. It allows leveraging network-wide resources.
  • an overlay network including, for example, a peer to peer network
  • a peer to peer network is a system that provides computing resources, software, and/or information to client systems by maintaining de-centralized services and resources that the client systems can access over a communications interface, such as a network.
  • modules or components described herein could be implemented using a cloud-based computing system.
  • Such systems can involve a subscription for services or use a utility pricing model. Users can access the protocols of the private network through a web browser or other container application located on their client system.
  • the invention disclosure describes techniques that those of skill in the art can implement in numerous ways. For instance, those of skill in the art can implement the techniques described here using a process, an apparatus, a system, a composition of matter, a computer program product embodied on a computer-readable storage medium, and/or a processor, such as a processor configured to execute instructions stored on and/or provided by a memory coupled to the processor.
  • a component such as a processor or a memory described as being configured to perform a task may be implemented as a general component that is configured to perform the task at a given time or a specific component that is manufactured to perform the task.
  • the term “processor” refers to one or more devices, circuits, and/or processing cores configured to process data, such as computer program instructions.
  • “computing” or “calculating” or “determining” or “displaying” or the like refer to the action and processes of a computer system, or similar electronic computing device, that manipulates and transforms data represented as physical (electronic) quantities within the computer system's registers and memories into other data similarly represented as physical quantities within the computer system memories or registers or other such information storage, transmission or display devices.
  • the apparatus can be specially constructed for the required purposes, or it can comprise a general-purpose computer selectively activated or reconfigured by a computer program stored in the computer.
  • a computer program may be stored in a computer-readable storage medium, such as, but not limited to, read-only memories (ROMs), random access memories (RAMs), EPROMs, EEPROMs (electrically erasable programmable read-only memories), magnetic or optical cards, any type of disk including floppy disks, optical disks, CD-ROMs, and magnetic-optical disks, or any type of media suitable for storing electronic instructions, each coupled to a computer system bus.
  • the structures and modules in the figures may be shown as distinct and communicating with only a few specific structures and not others.
  • the structures may be merged with each other, may perform overlapping functions, and may communicate with other structures not shown to be connected in the figures.
  • the above-described functions and components may be comprised of instructions that are stored on a storage medium such as a computer readable medium.
  • the instructions may be retrieved and executed by a processor.
  • Some examples of instructions are software, program code, and firmware.
  • Some examples of storage medium are memory devices, tapes, disks, integrated circuits, and servers.
  • the instructions are operational when executed by the processor to direct the processor to operate in accord with some embodiments. Those skilled in the art are familiar with instructions, processor(s), and storage medium.
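The delegation flow described for FIGS. 4 to 6 (the publisher establishes whitelist trust with a replicator, delegates subscriber vetting under its own settings, the replicator keeps the subscriber list current, fans out updates only to vetted subscribers and handles revocation), as an added Python model; it is not the patent's or Whitestar's code, and the class names, the reputation/domain policy fields and the sample identifiers are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class VettingPolicy:
    """Publisher-customized settings consumed by the vetting module (478)."""
    min_reputation: int = 0
    allowed_domains: set[str] = field(default_factory=set)  # empty = any domain
    blocked: set[str] = field(default_factory=set)


@dataclass
class Subscriber:
    sid: str
    domain: str
    reputation: int


class Replicator:  # holds the delegated subscriber list (470), vets (478), replicates (475)
    def __init__(self, rid: str, policy: VettingPolicy) -> None:
        self.rid, self.policy = rid, policy
        self.subscribers: dict[str, Subscriber] = {}

    def vet(self, s: Subscriber) -> bool:
        p = self.policy
        return (s.sid not in p.blocked and s.reputation >= p.min_reputation
                and (not p.allowed_domains or s.domain in p.allowed_domains))

    def request_join(self, s: Subscriber) -> bool:
        accepted = self.vet(s)  # decision conveyed to the subscriber (message 465)
        if accepted:
            self.subscribers[s.sid] = s
        return accepted

    def revoke(self, sid: str) -> bool:
        return self.subscribers.pop(sid, None) is not None

    def replicate(self, update: str) -> list[str]:
        return sorted(self.subscribers)  # update (468) goes to every vetted subscriber


class Publisher:  # establishes whitelist trust with a replicator before delegating
    def __init__(self, pid: str) -> None:
        self.pid, self.whitelist = pid, set()
        self.replicators: dict[str, Replicator] = {}

    def trust(self, rid: str) -> None:
        self.whitelist.add(rid)

    def delegate(self, rid: str, policy: VettingPolicy) -> Replicator:
        if rid not in self.whitelist:  # no delegation without prior trust
            raise PermissionError(f"{rid} is not a whitelisted replicator")
        self.replicators[rid] = Replicator(rid, policy)
        return self.replicators[rid]

    def publish(self, update: str) -> dict[str, list[str]]:
        # route the update only through replicators still on the whitelist
        return {rid: r.replicate(update) for rid, r in self.replicators.items()
                if rid in self.whitelist}


def scenario() -> dict[str, object]:
    # constructed walk-through (sample identifiers): vetted joins, fan-out, then revocation
    pub = Publisher("publisher-A")
    pub.trust("replicator-1")
    rep = pub.delegate("replicator-1", VettingPolicy(
        min_reputation=10, allowed_domains={"corp.example"}, blocked={"sub-evil"}))
    joined = [rep.request_join(s) for s in (
        Subscriber("sub-1", "corp.example", 50), Subscriber("sub-2", "corp.example", 5),
        Subscriber("sub-3", "other.example", 90), Subscriber("sub-evil", "corp.example", 99))]
    first = pub.publish("update #1")
    rep.revoke("sub-1")
    return {"joined": joined, "first": first, "second": pub.publish("update #2")}
```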

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

Systems and methods of delegation or replication on a private network, comprising: establishing a secure and encrypted private network with one or more profile computing devices; establishing a whitelist trust relationship with a first profile computing device; identifying categories of services provided to the first profile, including one or more of: receiving and executing commands from the first profile; vetting a subscriber before inclusion in a service; receiving from a subscriber; distributing content to one or more subscribers in a group; revoking a subscriber from a group; or reporting the status of a task; receiving a selection of one or more of the services from the first profile; and executing one or more of the selected services on behalf of the first profile.
PCT/US2020/042937 2019-07-22 2020-07-21 Systems and methods of delegation or replication on a private network WO2021016278A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US16/518,706 US20210029125A1 (en) 2019-07-22 2019-07-22 Systems and methods of delegation or replication on a private network
US16/518,706 2019-07-22

Publications (1)

Publication Number Publication Date
WO2021016278A1 true WO2021016278A1 (fr) 2021-01-28

Family

ID=74190534

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2020/042937 WO2021016278A1 (fr) 2019-07-22 2020-07-21 Systems and methods of delegation or replication on a private network

Country Status (2)

Country Link
US (1) US20210029125A1 (fr)
WO (1) WO2021016278A1 (fr)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11693695B1 (en) * 2021-04-12 2023-07-04 Vmware, Inc. Application self-replication control
US11916950B1 (en) 2021-04-12 2024-02-27 Vmware, Inc. Coordinating a distributed vulnerability network scan
US11528317B1 (en) 2021-05-05 2022-12-13 Vmware, Inc. Proxy-enabled communication across network boundaries by self-replicating applications
US11924177B2 (en) 2021-06-11 2024-03-05 Whitestar Communications, Inc. Crypto-signed switching between two-way trusted network devices in a secure peer-to-peer data network
US11924229B2 (en) 2021-06-29 2024-03-05 Whitestar Communications, Inc. Distributed security in a secure peer-to-peer data network based on real-time sentinel protection of network devices
US11949717B2 (en) 2021-06-29 2024-04-02 Whitestar Communications, Inc. Distributed security in a secure peer-to-peer data network based on real-time navigator protection of network devices
US11582241B1 (en) 2021-07-22 2023-02-14 Whitestar Communications, Inc. Community server for secure hosting of community forums via network operating system in secure data network
US11792186B2 (en) 2021-07-29 2023-10-17 Whitestar Communications, Inc. Secure peer-to-peer based communication sessions via network operating system in secure data network
US11784813B2 (en) 2021-07-30 2023-10-10 Whitestar Communications, Inc. Crypto tunnelling between two-way trusted network devices in a secure peer-to-peer data network
US11870899B2 (en) 2021-08-30 2024-01-09 Whitestar Communications, Inc. Secure device access recovery based on validating encrypted target password from secure recovery container in trusted recovery device
US11582201B1 (en) 2021-09-16 2023-02-14 Whitestar Communications, Inc. Establishing and maintaining trusted relationship between secure network devices in secure peer-to-peer data network based on obtaining secure device identity containers
US11848763B2 (en) 2022-01-20 2023-12-19 Whitestar Communications, Inc. Secure ad-hoc deployment of IoT devices in a secure peer-to-peer data network
US11811755B2 (en) 2022-01-20 2023-11-07 Whitestar Communications, Inc. Dynamic secure keyboard resource obtaining interface definitions for secure ad-hoc control of a target device in a secure peer-to-peer data network

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130013922A1 (en) * 2011-07-08 2013-01-10 Florian Kerschbaum Secure dissemination of events in a publish/subscribe network
US20150013018A1 (en) * 2012-03-06 2015-01-08 Nokia Corporation Methods, apparatuses, and computer-readable storage media for securely accessing social networking data

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10305915B2 (en) * 2010-12-13 2019-05-28 Vertical Computer Systems Inc. Peer-to-peer social network


Also Published As

Publication number Publication date
US20210029125A1 (en) 2021-01-28

Similar Documents

Publication Publication Date Title
US20210029125A1 (en) Systems and methods of delegation or replication on a private network
US11068195B2 (en) Systems and methods of distributed backup and recovery on a private network
US11265325B2 (en) Systems and methods of salutation protocol to communicate using a private overlay peer to peer network
US11546170B2 (en) Systems and methods of collaborative application on a private network
US11463418B2 (en) Systems and methods of enforcing communications semantics on a private network
US11256822B2 (en) Systems and methods of gesture triggered automatic erasure on a private network
US11343098B2 (en) Systems and methods of securing digital conversations for its life cycle at source, during transit and at destination
US10334397B2 (en) Interaction tracking and organizing system
US9672382B2 (en) Managing access of user information by third party applications
EP3020179B1 (fr) Distributed programmable connection method for establishing peer-to-peer multimedia interactions
US20230137345A1 (en) System and method for decentralized user controlled social media
US20230121420A1 (en) Trust relationships to share client assets among client accounts in a software as a service platform
US8490202B2 (en) Method for masking data
US9374332B2 (en) Distribution list creation and subscription
US11637819B2 (en) Establishing connectivity between user devices
US10554747B2 (en) Secure file transfer using peer to peer wireless communication with authentication through social network connections
US20170359727A1 (en) Routing secure communications across multiple communication devices or points-of-presence

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20844689

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20844689

Country of ref document: EP

Kind code of ref document: A1